Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-26793

Publication date:
01/05/2024
libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in the read_io_status function in src/modbus.c.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2025

CVE-2023-23019

Publication date:
01/05/2024
Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function user_add.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-32212

Publication date:
01/05/2024
SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2024-32213

Publication date:
01/05/2024
The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed.
Severity CVSS v4.0: Pending analysis
Last modification:
15/09/2025

CVE-2024-33078

Publication date:
01/05/2024
Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger an overflow leading to remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
15/09/2025

CVE-2024-33442

Publication date:
01/05/2024
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2024-32210

Publication date:
01/05/2024
The LoMag WareHouse Management application version 1.0.20.120 and older were found to utilize hard-coded passwords by default for forms and SQL connections.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2024-32211

Publication date:
01/05/2024
An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obtain sensitive information via the UserClass.cs and Settings.cs components.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2024-30176

Publication date:
01/05/2024
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2024-29010

Publication date:
01/05/2024
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2024

CVE-2024-33516

Publication date:
01/05/2024
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.
Severity CVSS v4.0: Pending analysis
Last modification:
28/07/2025

CVE-2024-33517

Publication date:
01/05/2024
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
Severity CVSS v4.0: Pending analysis
Last modification:
28/07/2025